The room: “Introducing cyber threat intelligence and related topics, such as relevant standards and frameworks.“
https://tryhackme.com/room/cyberthreatintel
Task 2: Cyber Threat Intelligence
2.1. What does CTI stand for?
Cyber Threat Intelligence
2.2. IP addresses, Hashes and other threat artefacts would be found under which Threat Intelligence classification?
Technical Intel: Provides information about the resources an attacker uses to carry out an attack. Focuses on a specific loC.
Technical Intel
Task 3: CTI Lifecycle
3.1. At which phase of the CTI lifecycle is data converted into usable formats through sorting, organising, correlation and presentation?
Processing
3.2. During which phase do security analysts get the chance to define the questions to investigate incidents?
Direction
Task 4: CTI Standards & Frameworks
4.1. What sharing models are supported by TAXII?
collection and channel
4.2. When an adversary has obtained access to a network and is extracting data, what phase of the kill chain are they on?
Actions on Objectives
Task 5: Practical Analysis
5.1. What was the source email address?
vipivillain@badbank.com
5.2. What was the name of the file downloaded?
flbpfuh.exe
5.3. After building the threat profile, what message do you receive?
THM{***_*_***_***}
a